thttpd 2.0.7 Directory Traversal (Windows)

Medium Nessus Plugin ID 14229


The remote web server is vulnerable to a path traversal attack.


The remote web server fails to limit requests to items within the document directory. An attacker may exploit this flaw to read arbitrary files on the remote system with the privileges of the http process.


Unknown at this time.

See Also

Plugin Details

Severity: Medium

ID: 14229

File Name: thttpd_directory_traversal.nasl

Version: $Revision: 1.20 $

Type: remote

Family: Web Servers

Published: 2004/08/09

Modified: 2016/11/03

Dependencies: 10107

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Exploited by Nessus: true

Vulnerability Publication Date: 2004/08/04

Reference Information

CVE: CVE-2004-2628

BID: 10862

OSVDB: 8372